Yesterday I ran into one of those issues that drive me crazy, especially as it was an unnecessary one. After an update of my Gentoo system and a reboot, routing didn't work anymore. My routing configuration is a bit complex, so to make a long story short: after digging for a while I checked IPv4 forwarding, and what did I find? It was set to OFF when it should have been ON.
In /etc/sysctl.d/local.conf I have the following entry:

net.ipv4.ip_forward = 1

I could swear this was working and set correctly at the last reboot (roughly 3 months ago)!
Setting this parameter by hand was not an issue, but I wanted to know why this had happened. I restarted the sysctl service and saw:

 * WARNING: you are stopping a boot service
 * Caching service dependencies ... [ ok ]
 * Configuring kernel parameters ...
 * Applying /etc/sysctl.d/local.conf ...
net.ipv4.ip_forward = 1
 * Applying /etc/sysctl.conf ...
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
My configuration was applied first and then overwritten! Because of Gentoo's CONFIG_PROTECT feature I never touch a config file as long as I can do all configuration in an /etc/*.d/ directory. Settings in such a directory should override any other settings and not vice versa, as all other programs except sysctl do. It was strange that this is so by design, as far as I read.
I don't like to use a workaround, because it can never be a clean solution. But in this case it has to be. I created a file /etc/local.d/sysctl.start that runs at boot time:

#!/bin/sh
# Re-apply the drop-in after the sysctl service has already read /etc/sysctl.conf,
# so the value from local.conf is the one left in effect.
/sbin/sysctl -p /etc/sysctl.d/local.conf
I didn't search for what had changed, as this was not important for me at the time. But I think it was the order in which the config files are read that changed, not the config file itself. Maybe it is related to an OpenRC update.
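To see which file's value ends up in effect for a given key before rebooting, here is an added shell example (not code from the original post) that replays the files in the order the sysctl service hands them to sysctl and reports the winner. It assumes the order shown in the boot log above (/etc/sysctl.d/*.conf first, then /etc/sysctl.conf) and only parses the files; the sample tree it builds is constructed from that log, and it never writes to /proc/sys.

```shell
#!/bin/sh
# Added example (not from the original post): replay the order in which files
# are applied and report, per key, which file's value is the effective one.

# sysctl_effective FILE...   (files in the order they are applied)
# Prints "KEY VALUE FILE" per key. A later file silently replaces an earlier
# one, exactly as the boot log shows; each such override is also reported on
# stderr so it stands out in an audit.
sysctl_effective() {
    awk '
        { sub(/[#;].*/, "") }                       # strip comments
        /^[ \t]*$/ { next }                         # skip blank lines
        index($0, "=") == 0 { next }                # not an assignment
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "") next
            if ((key in src) && src[key] != FILENAME)
                printf "OVERRIDE %s: %s (%s) -> %s (%s)\n",
                       key, value[key], src[key], val, FILENAME > "/dev/stderr"
            value[key] = val
            src[key] = FILENAME
        }
        END { for (k in value) print k, value[k], src[k] }
    ' "$@"
}

# sysctl_winner KEY FILE...   -> prints the file whose value of KEY is in effect.
sysctl_winner() {
    key=$1; shift
    sysctl_effective "$@" | awk -v k="$key" '$1 == k { print $3 }'
}

# Constructed sample tree mirroring the post (values taken from its boot log).
make_sample_confs() {
    d=$(mktemp -d)
    mkdir -p "$d/sysctl.d"
    printf 'net.ipv4.ip_forward = 1\n' > "$d/sysctl.d/local.conf"
    printf '# distro default\nnet.ipv4.ip_forward = 0\n' > "$d/sysctl.conf"
    printf 'net.ipv4.conf.default.rp_filter = 1\n' >> "$d/sysctl.conf"
    printf 'net.ipv4.conf.all.rp_filter = 1\n' >> "$d/sysctl.conf"
    echo "$d"
}
```

On a real box, `sysctl_winner net.ipv4.ip_forward /etc/sysctl.d/*.conf /etc/sysctl.conf` shows the boot-time result, and appending /etc/sysctl.d/local.conf once more to the argument list shows the result with the local.d workaround in place.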
Update Nov. 2, 2017
I was reminded of this issue a few days ago. It still happens 2 years later, which forced me to dig a bit deeper. In /etc/sysctl.conf there is still the line

net.ipv4.ip_forward = 0
I don't understand why, because this is the kernel default; there is no need to set it again. Now, you can edit /etc/sysctl.conf and change the value to 1. But I try to avoid doing this in general, because it creates extra work on updates with the CONFIG_PROTECT variable. The setting is a violation of the KISS principle, even if a relatively small one. It requires more work to change than is usually needed and is outside the standard too; another sysadmin may have to spend time investigating to find the workaround.
The behavior is NOT a bug of sysctl but of Gentoo. I filed a bug at Gentoo which was closed faster than I needed to file it, with a simple "worked for me". Sure, if you don't have to enable (IPv4) routing. Perhaps it was my fault, as I didn't use the correct description (which is always hard; you don't know how the reader interprets it). Using simpler, different wording: this setting has to be removed or disabled by default. However, I couldn't see any willingness to try to understand the issue if you have to enable (IPv4) routing, or any further discussion. Sure, most systems work without this, but not all. Weird?